We currently support the latest version of OWASP-Wich with security updates.
| Version | Supported |
|---|---|
| latest | ✅ |
We take security vulnerabilities seriously. If you discover a security issue in OWASP-Wich, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the OWASP BLT team at: [email protected]
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (optional)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity
  - Critical: 7-14 days
  - High: 14-30 days
  - Medium/Low: 30-90 days
- We follow responsible disclosure practices
- We will acknowledge your contribution (if desired)
- We will provide credit in security advisories
- Please allow us time to fix the issue before public disclosure
When using OWASP-Wich:
- GitHub Tokens: Store your GitHub token in environment variables, never in code
- Rate Limits: Be aware of GitHub API rate limits
- Dependencies: Keep dependencies up to date
- Python Version: Use Python 3.7 or higher
- Network Security: Ensure secure network connections when scanning repositories
Security features of OWASP-Wich:
- HTTPS-only connections to GitHub API
- No storage of sensitive data
- Read-only repository access
- Input validation for URLs
- Safe HTML parsing with BeautifulSoup
Known limitations:
- GitHub API rate limiting applies
- Some checks require manual verification
- Not a replacement for comprehensive security audits
- Limited checks for non-GitHub repositories
For security-related questions, contact: [email protected]